Magento: Your web server is configured incorrectly

Question

From a live magento setup I made a tar.gz, moved that to an domains of another DirectAdmin user, extracted the tar.gz, copied the database, changed the URL of domain in the database. Front-end works good.

Backend gives me the following error:

Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.”

I already check the folder and file permission. Also tried to change the rights from the user:group settings with SSH access to the same user as the DirectAdmin user name. But that did not work either.

Note that this installation is on the same server as the live environment.

Live: (working) http://imageshack.us/photo/my-images/197/nrhj.png/
Test: (not working) http://imageshack.us/photo/my-images/542/uklz.png/

Answer 1

Specifically check the permissions on app/etc/local.xml as usually this means it is world readable.

Also, there is supposed to be a .htaccess file in app/etc/ that denies the contents from being served out by the web server. Check just in case your tar backup didn't include it. Usually this problem comes about from using an FTP client to do the transfer that has had hidden file visibility turned off.

Answer 2

For Apache 2.4.x you have to add Require all granted So it would look something like this:

<Directory /var/www/magento>
  AllowOverride All
  # New directive needed in Apache 2.4.3: 
  Require all granted
</Directory>

Source: Apache: client denied by server configuration

Answer 3

Im using a Debian 7 with Apache 2.2.22 and Magento 1.9.1, adding

<Directory /var/www/magento/>
            AllowOverride All
</Directory>

in /etc/apache2/sites-available/default

works for me

Answer 4

Similar to John Veldboom's answer I added this to /etc/apache2/apache2.conf since my magento install was in a different directory /var/www/html (eg. the directory path is wherever magento was extracted):

<Directory /var/www/html/>
        AllowOverride All
        Require all granted
</Directory>

With the following apache2 and ubuntu distro:

root@test-VirtualBox:/var/www/html# dpkg -l apache2 && lsb_release -a
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  apache2        2.4.7-1ubunt amd64        Apache HTTP Server
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:   trusty

Answer 5

I had this issue on Debian and found my server-level site config (in /etc/apache2/sites-available/default) had AllowOverride None set. Changing that line to AllowOverride All fixed it.

Answer 6

Thanks Haselnussstrauch, your answer worked for me. My setting was in apache2.conf

sudo nano /etc/apache2/apache2.conf

Change the default AllowOverride None to AllowOverride All

<Directory /var/www/>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

Then restart Apache:

sudo service apache2 restart

Answer 7

Many other places suggest that you can block ip addresses to your server by adding this to your httpd.conf

<Location />
order allow,deny
allow from all
deny from aa.bb.cc.dd
</Location>

however this for some reason causes all other .htaccess files to be ignored, including .htaccess files that are in place to protect magento.

Answer 8

I have fixed issue, there is no .htaccess fine inside sub folder (especially app).